Over half of medium-sized businesses breached in 2017

Over half of IT professionals in U.S. medium-sized businesses believe their organisation was breached in 2017. A report from security firm Cygilant found companies are ill-equipped to respond to breaches and just 15% are "confident" in their strategies.

The results were announced as part of Cygilant's Q1 Cybersecurity Survey which looks at the cybersecurity posture of businesses across the U.S. The company surveyed 165 IT professionals and security leaders to collect the data. Of the respondents, 53 percent said they believe their business was "breached once or more" last year.

The statistic suggests organisations aren't doing enough to protect their IT systems. The professionals tasked with securing networks are aware that their business is falling short of cybersecurity standards, with only 16.6 percent "very confident" they can protect customer data. Security departments aren't receiving the resources they require, which enables external attackers to gain leverage and execute a breach.

80.5 percent of respondents said their department is either underfunded or has no assigned budget at all. This makes it difficult to protect data because IT staff can't purchase the tools they need. Training is also an issue as over 60 percent of firms only provide cybersecurity education once a year or less. The pace of change in the cyberthreat landscape can mean annual training isn't enough to guard against new attack vectors.

Cygilant called for businesses to listen to their IT departments and understand cybersecurity risks. Although assigning resources to security may seem like a costly expense, the benefits far outweigh the risks of a major data breach.

Cyberattacks on SMBs now carry an average cost of $117,000 per incident. Cygilant's findings suggest it's only a matter of time before most companies will experience a breach.

"It's important that businesses understand the cybersecurity challenges they're facing, and no one knows these challenges better than the cybersecurity professionals on the 'front line' working to prevent breaches and a loss of customer and corporate data on a daily basis," said Neil Weitzel, Cygilant Director of Security Research. "These new survey results confirm that companies are not taking the steps they should to build defenses around their customer data and continue to be vulnerable to cyber attacks."

To improve the effectiveness of cybersecurity strategies, companies should focus on minimising their exposed network surface and addressing shortfalls in funding and staffing. Investment in new technologies can also be explored as a way to identify new threats before they have time to get established. Improving cybersecurity posture isn't easy for SMBs but basic resource allocation could go a long way towards resolving the most critical concerns.